@Jason
I have a question.
How is the Inject() method used exactly? Do you need only the (.dll , processID) or are you suppose to find the handle before that?
This what I have so far:
Code:Dim pID As Integer = 0 Dim p() As Process = Process.GetProcesses Dim hModule As IntPtr = IntPtr.Zero For Each x As Process In p If x.ProcessName = txtProcess.Text Then pID = x.Id hModule = FindWindow(Nothing, x.MainWindowTitle) ' <-------- Do I set it here or is that not what I'm suppose to do End If Next If hModule = IntPtr.Zero Then MessageBox.Show("process not found", "Error") Else Dim injector As InjectionMethod = InjectionMethod.Create(InjectionMethodType.ManualMap) Using img As New PortableExecutable(My.Resources.kajsdh) hModule = injector.Inject(img, pID) <---------- Because hModule is being set here when the inject function performs End Using If hModule <> IntPtr.Zero Then '--------------------------- I know everything below this is off or kinda extra coding ↓ Else If injector.GetLastError() IsNot Nothing Then MessageBox.Show(injector.GetLastError().Message) End If End If End If
There are various overloads on the Inject method that you can use. For your example, I would just use the following:
There is no need for "FindWindow" here at all. The handle that FindWindow returns is a HWND (Handle to Window), not a HMODULE (Handle to Module), the two are completely different. Apologies if the above code doesn't compile as-is, I haven't used VB.NET in a while and I don't have a compiler or IDE at work.Code:Dim targets As Process() = Process.GetProcessesByName(txtProcess.Text) If targets.Length > 0 Then Dim processId As Integer = targets(0).Id Dim hModule As IntPtr = IntPtr.Zero Dim injector As InjectionMethod = InjectionMethod.Create(InjectionMethodType.ManualMap) Using img As New PortableExecutable(My.Resources.kajsdh) hModule = injector.Inject(img, processId) End Using If hModule <> IntPtr.Zero Then ' File was injected successfully, do whatever you want here Else ' an error occured, let the user know If injector.GetLastError() IsNot Nothing Then MessageBox.Show(String.Format("An error occurred when injecting:{0}{0}{1}", Environment.NewLine, injector.GetLastError().Message)) Else MessageBox.Show("An unknown error occurred when injecting") End If End If Else MessageBox.Show("Target process is not running") End If
You can win the rat race,Originally Posted by Jeremy S. Anderson
But you're still nothing but a fucking RAT.
++Latest Projects++
[Open Source] Injection Library
Simple PE Cipher
FilthyHooker - Simple Hooking Class
CLR Injector - Inject .NET dlls with ease
Simple Injection - An in-depth look
MPGH's .NET SDK
eJect - Simple Injector
Basic PE Explorer (BETA)
How about additional options like remove PE header? For example when i inject with Radject it only works with these options. When i just manual map with this lib then my hack gets detected.
EDIT: I just added a remove PE header method manually and it works now
Last edited by ccman32; 06-12-2013 at 02:48 PM.
It was a tradeoff in writing this library as pure injection library. If I added the functionality to remove the PE header into this library, then it'd be moving outside the scope of just injection and it'd open up the project to get bloated with unnecessary crap.
However, writing your own method to remove the PE header is easy anyway:
Given that the PE header is always at the beginning of the module (the pointer to which you get from my library's "Inject" method), it's a simple matter to just set the entire DOS header to 0. You can, of course, take this even further and make it more sophisticated but that's the basics of it.Code:IntPtr hProcess = OpenProcess(...); // whatever way you want to get a read/write/operation handle to the target process IntPtr hModule = method.Inject(...); // as normal var crapware = new byte[0x40]; // size of an IMAGE_DOS_HEADER (each element of a new byte array is initialized with itsdefault value (0) in C#) WriteProcessMemory(hProcess, hModule, crapware, crapware.Length, IntPtr.Zero); CloseHandle(hProcess);
You can win the rat race,Originally Posted by Jeremy S. Anderson
But you're still nothing but a fucking RAT.
++Latest Projects++
[Open Source] Injection Library
Simple PE Cipher
FilthyHooker - Simple Hooking Class
CLR Injector - Inject .NET dlls with ease
Simple Injection - An in-depth look
MPGH's .NET SDK
eJect - Simple Injector
Basic PE Explorer (BETA)
I got another problem @Jason. After adding the removepeheader method and compiling i added the reference to the library in my vb.net injector project. Now, every time when i compile my project im getting an error during build process. Just a popup message telling me that without any other information. Somehow i managed to compile and run the program but right when it injects i get a JIT Debugger error that InjectionLibrary.InjectionMethod in the assembly "InjectionLibrary, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" could not be loaded. Why am i getting this error pissing me off since like 2 hours now?!?
Nice work jason! now i can finish euro farmer for AVA.
You can win the rat race,Originally Posted by Jeremy S. Anderson
But you're still nothing but a fucking RAT.
++Latest Projects++
[Open Source] Injection Library
Simple PE Cipher
FilthyHooker - Simple Hooking Class
CLR Injector - Inject .NET dlls with ease
Simple Injection - An in-depth look
MPGH's .NET SDK
eJect - Simple Injector
Basic PE Explorer (BETA)
@Jason, why can't I download?
You can win the rat race,Originally Posted by Jeremy S. Anderson
But you're still nothing but a fucking RAT.
++Latest Projects++
[Open Source] Injection Library
Simple PE Cipher
FilthyHooker - Simple Hooking Class
CLR Injector - Inject .NET dlls with ease
Simple Injection - An in-depth look
MPGH's .NET SDK
eJect - Simple Injector
Basic PE Explorer (BETA)
This sounds really interesting and i'd like to deal with it but i am not able to see the attached files...
Regards, Rastajan.